Open Source and information security mailing list archives
 
Message-ID: <6704f880-14ed-b8e8-4204-ac0d8afef5ef@linux.intel.com>
Date:   Tue, 30 Aug 2022 16:57:23 +0800
From:   Binbin Wu <binbin.wu@...ux.intel.com>
To:     Isaku Yamahata <isaku.yamahata@...il.com>
Cc:     isaku.yamahata@...el.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
        erdemaktas@...gle.com, Sean Christopherson <seanjc@...gle.com>,
        Sagi Shahar <sagis@...gle.com>
Subject: Re: [PATCH v8 020/103] KVM: TDX: create/destroy VM structure


On 2022/8/30 3:09, Isaku Yamahata wrote:
>
>>> +}
>>> +
>>> +static int tdx_reclaim_page(unsigned long va, hpa_t pa, bool do_wb, u16 hkid)
>>> +{
>>> +	struct tdx_module_output out;
>>> +	u64 err;
>>> +
>>> +	err = tdh_phymem_page_reclaim(pa, &out);
>>> +	if (WARN_ON_ONCE(err)) {
>>> +		pr_tdx_error(TDH_PHYMEM_PAGE_RECLAIM, err, &out);
>>> +		return -EIO;
>>> +	}
>>> +
>>> +	if (do_wb) {
>>> +		err = tdh_phymem_page_wbinvd(set_hkid_to_hpa(pa, hkid));
>>> +		if (WARN_ON_ONCE(err)) {
>>> +			pr_tdx_error(TDH_PHYMEM_PAGE_WBINVD, err, NULL);
>>> +			return -EIO;
>>> +		}
>>> +	}
>>> +
>>> +	tdx_clear_page(va);
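Review bot: in the do_wb branch, the return -EIO after a failed tdh_phymem_page_wbinvd() exits after tdh_phymem_page_reclaim() has already succeeded but before tdx_clear_page(va) runs, and the caller gets the same -EIO as for a failed reclaim, so it cannot tell a page that was never reclaimed from one that was reclaimed but neither written back nor cleared. Please add a comment above the function stating what the caller may do with the page on error (for example, that it must not be freed or reused), and a one-line comment above tdx_clear_page(va) saying why the clear is needed, since that is not evident from the code.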
>> Is it really necessary to clear the reclaimed page using MOVDIR64?
>>
>> According to the TDX module spec, when adding a page to a TD, both for control
>> structures and TD private memory, during the process some function of the
>> TDX module will initialize the page using binding hkid and direct write
>> (MOVDIR64B).
>>
>> So do we still need to clear the page using direct write to avoid an integrity error
>> when re-assigning a page from an old keyid to a new keyid, as you mentioned in
>> the comment?
> Yes. As you described above, TDX module does when assigning a page to a private
> hkid. i.e. TDH.MEM.PAGE.{ADD, AUG}.  But when re-assigning a page from an old
> private hkid to a new _shared_ hkid, i.e. TDH.MEM.PAGE.REMOVE or
> TDH.PHYMEM.PAGE.RECLAIM, TDX module doesn't.

Is the reason you added the tdx_clear_page() here due to the description 
in 1.3.1 of Intel CPU Architectural Extensions Specification for TDX 
(343754-002US)?

The description is as follows:
"MKTME on an SOC that supports SEAM might support an integrity 
protected, memory encryption mode. When using keys with integrity 
enabled, the MKTME associates a message authentication code (MAC) with 
each cache line. By design, when reading a cache line using a KeyID with 
integrity enabled, if the MAC stored in the metadata does not match the 
MAC regenerated by the MKTME, then the cache line is marked poisoned to 
prevent the data from being consumed. Integrity protected memory must be 
initialized before being read, and such initialization must be performed 
using 64-bytes direct-store with 64-byte write atomicity using the 
MOVDIR64B instruction"

Actually I have a question about the description: must the
initialization using MOVDIR64B be associated with the corresponding hkid?


